easyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.
19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703This tool is a proof-of-concept packer for .NET executables designed to provide a starting point to explain the basic principles of runtime packing.
00edbbabaeeafd89302340cee6a316b6a2882f9c7f305be53f952d2c234eaf60Contexis CMS version 1.0 suffers from a cross site scripting vulnerability.
ab5e2108f93cfcf2603751d8a48b52da0ef3be80421319c493809fa7004539fbDebian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.
b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65fRed Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.
66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0Red Hat Security Advisory 2013-1457-01 - The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
f0bc34c54d779918b986683d5fd801d334fea4b81db30f56c90de612a52fd94cDrupal Bean third party module version 7.x suffers from a cross site scripting vulnerability.
5e97713fe4414c722908505802236b453b4140bd483353df1873c0b578da4978In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent. Versions 7.1 and 7.1.1 are affected.
1d9bdb134e4d458497e0ceca42b57c05550f4701f6e3aab2e693ee71a6cf1843The 13th Annual AusCERT Information Security Conference, AusCERT2014, is to be held on the Gold Coast, Queensland, Australia from Monday 12th - 16th May 2014, at the Royal Pines Resort. AusCERT is the premier Computer Emergency Response Team for Australia and provides information security support and advice to its members, including the higher education sector and the Australian community at large.
9c1c0aae7c07abdb4d7a0076bd5d5c2071c6fd8594b36ba32657f9bf4d16b9b3Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.
702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84fThis is a whitepaper discussing fuzzing and software vulnerabilities. This is part one. It is written in Turkish.
29c607fe9abef0fbc5dd236320bcc02b3b1b6084b7be47b5e412136cdbb1b06f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed